For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

William_Them_99's avatar
William_Them_99
Icon for Nimbostratus rankNimbostratus
Apr 03, 2006

Certificate Authentication Problem

In our environment, if you visit a virtual server hosting an application, the BIGIP will prompt for a client certificate and then authenticate that certificate against an LDAP database.     If t...
application delivery
dev
devops
iRules
William_Them_99's avatar
William_Them_99
Icon for Nimbostratus rankNimbostratus
Jul 06, 2006

Ok, so last night we upgraded our development BIGIP box to v9.2.3 in order to be able to use the SSL::session invalidate function.

In the iRule, just before the redirect to the second virtual server, I pasted it in like so:


session delete ssl $id
SSL::session invalidate
HTTP::redirect "https://$login_vs/registration/auto_reg.aspx?location_request=[session lookup uie "location_request"]"

Unfortunately we are still seeing the same behavior, that after the redirect to the second virtual server, if you manually type the URL to the first virtual server, you are no longer prompted for a client certificate. The way I understand the Wiki entry for the function, this should not be happening. It says:

SSL::session invalidate

Invalidates the current session. Specifically, this command drops the session from the session cache to prevent reuse of the session.

So - by calling this right before the redirect, shouldn't it delete all traces of the SSL handshakes with the first virtual server, including client certificates?

Thanks.

-Bill